| Firewall,as a mechanism of compulsory access control between the network or system, is an important means to ensure the network security. Firewall can be a very simple filter,but also it can be a carefully targeted gateway.But the principle is the same,which is monitoring and filtering all the information exchanged in internal and external networks.As the increasingly powerful function of network,the performance of firewall is becoming the network traffic bottlenecks.We request for firewall's powerful function as same as it's performance. It is not difficult for developers to configure the firewall according to their specific needs and improve firewall performance under Linux system.Linux as an open source operating system,is famous for it's stability and security. netfilter/iptables is a firewall system based on Linux which has a great function.This thesis first analysed the system strcture of netfilter/iptables and the working principle of iptables,then introduced iptables rule set,and last proposed an effective algorithm to optimize the rules set which is implemented based on Linux system.In the part of implementation,the experimental results and some key code of the algorithm are given. |
PDF Full Text Request